"The attack assumes that multiple SSL or TLS connections involve a
common fixed plaintext block, such as a password. An active attacker
can substitute specifically made-up ciphertext blocks for blocks sent
by legitimate SSL/TLS parties and measure the time until a response
arrives: SSL/TLS includes data authentication to ensure that such
modified ciphertext blocks will be rejected by the peer (and the
connection aborted), but the attacker may be able to use timing
observations to distinguish between two different error cases, namely
block cipher padding errors and MAC verification errors. This is
sufficient for an adaptive attack that finally can obtain the complete
plaintext block."